N.Y. financial regulator says to focus on cyber security

NEW YORK (Reuters) - New York's financial regulator said on Monday his agency will focus on cyber security over the next year, saying the possibility of a systemic attack to the financial system is one thing that keeps him awake at night.

"It is impossible to take it seriously enough," said Benjamin Lawsky, superintendent of the Department of Financial Services (DFS) for the state of New York.

Cyberterrorism is "the most significant issue DFS will work on in the next year," he said, speaking at a Bloomberg Markets event at the Museum of Jewish Heritage in lower Manhattan.

A series of prominent cyber attacks this year has underscored how vulnerable much data has become. Just this month Home Depot revealed some 56 million payment cards were likely compromised in a cyber attack at its stores, dwarfing another recent high-profile attack at retailer Target.

Banks, too, have not come away unscathed. JPMorgan Chase & Co said last month that it is investigating a possible cyber attack and working with law enforcement authorities to determine the scope.

A report earlier this year by DFS on cyber security in the banking sector found that most institutions surveyed have come under cyber attack at some point in the past three years. The attacks came irrespective of the institutions' sizes, highlighting how prevalent an issue hacking has become.

"I worry that we're going to have some major cyber event in the financial system that's going to cause us all to shudder," said Lawsky, who regulates both banks and insurance companies.

Lawsky noted that, while there's a role for policy makers and legislators to address the issue, the public sector also may be able to prod the private sector to take steps to better handle the risk.

"We need to think about ways to incentivize the market participants to do more to protect themselves from attacks," Lawsky said.

He noted the rising market for cyber attack insurance, still in its relative infancy. That, in turn, could help companies improve their internal systems to fight such breaches, as those efforts could help them secure policies.

"It's a bargain if we harden our systems now and protect against something more catastrophic," Lawsky said. "It is a great deal in my view. Once there is major event, everyone suffers. We're going to pay for it either now or then."